help, I have a virus or a trojan
Hi, I have some crap on my computer that has eaten up all the xyz.exe things on the machine. NOD32 doesn't find it (it finds it only once a file is already infected), and I don't know how to remove it. The crap is called TENGA or something like that.
I would be very grateful if someone helped me remove it. I made a HijackThis scan:

Logfile of HijackThis v1.99.1
Scan saved at 18:42:18, on 18.4.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\EPOX\USDM\USDM.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\PowerS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Prolink\PlayTV XP\TVRMVCR.EXE
C:\Program Files\United Devices\UD.EXE
C:\Program Files\United Devices\ud_7657531.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe
C:\DOCUME~1\JA\LOCALS~1\Temp\Rar$EX00.937\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TVRMVCR.lnk = C:\Program Files\Prolink\PlayTV XP\TVRMVCR.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1142170379671
O17 - HKLM\System\CCS\Services\Tcpip\..\{E884A97F-5B01-4593-A0B2-254DC304C524}: NameServer = 195.29.150.3 195.29.150.4
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
|
Try this one; today I got rid of a dialer that I couldn't remove with anything else.
http://www.ewido.net/en/download/ |
Go ahead and delete this:
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O17-HKLM\System\CCS\Services\Tcpip\..\{E884A97F-5B01-4593-A0B2-254DC304C524}: NameServer = 195.29.150.3 195.29.150.4
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
Try that first, and if you don't manage to get rid of it, say so. I'm also not clear about these two services from United Devices; I wouldn't know what they are. Take a look in Program Files, and if you don't know what something is, delete it. |
There, I removed what titix wrote, thanks tutix.
Those two are from United Devices, the computer runs a grid... if it keeps coming back I'll try panoramix's recipe |
No problem, but take a look at this too, it seems a bit suspicious to me...
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install |
Boot Windows in safe mode and then run NOD.
|
http://www.sysinfo.org/startuplist.php
http://www.processlibrary.com/
http://castlecops.com/StartupList.html
Regardless of the results, I recommend EWIDO for a full scan. |
Try Spy Falcon. For me it found a few things that NOD32, avast, SpyBot S&D, Trojan Hunter, Ad-aware 6 Pro, HijackThis and a few other programs didn't... The only thing is that you have to delete things manually or pay for the full version of the program.
|
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\PowerS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Save\Save.exe
C:\Program Files\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe
These are things you can generally do without -- I'm not sure about the first one |
Spy Falcon is spyware!! It normally gets removed, because it is extremely annoying!
|